3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat
Researchers are calling “GreyEnergy,” an offshoot of the BlackEnergy group that conducted a massive cyberattack on the Ukrainian power grid in 2015, an emerging threat to the Central and Eastern European power grid. Security firm ESET has released a report describing the group’s activities as focused on reconnaissance and espionage of critical infrastructure organizations, gathering information that could be in preparation for a future attack. The other offshoot of BlackEnergy, known as Telebots and infamous for their NotPetya ransomware attack in 2017, has worked closely with GreyEnergy, although their approaches have differed, with Telebots limiting themselves to cyber disruption in Ukraine and GreyEnergy working on critical infrastructure and industrial networks across the region. The groups methods and tactics have made them leaders in many malware development areas, using techniques that security companies have struggled to fix and patch.